From eb536d8b7c436089eab19c66e724f8b769dd644a Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Wed, 20 Jan 2021 11:25:23 -0700
Subject: [PATCH] Fix problem when SSL_read() returns SSL_ERROR_WANT_WRITE. 
 This can happen when the socket cannot be written to immediately. We need to
 set the read_instead_of_write flag in that case, _not_ write_instead_of_read.
  Also sync comments with sendlog.c. Bug #954

---
 plugins/sudoers/log_client.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/plugins/sudoers/log_client.c b/plugins/sudoers/log_client.c
index 5cfab23d8..977c0f405 100644
--- a/plugins/sudoers/log_client.c
+++ b/plugins/sudoers/log_client.c
@@ -1700,7 +1700,8 @@ server_msg_cb(int fd, int what, void *v)
 			}
 			closure->temporary_write_event = true;
 		    }
-		    closure->write_instead_of_read = true;
+		    /* Redirect write event to finish SSL_read() */
+		    closure->read_instead_of_write = true;
                     debug_return;
                 case SSL_ERROR_SSL:
                     /*
@@ -1842,6 +1843,7 @@ client_msg_cb(int fd, int what, void *v)
 		    /* ssl wants to read, read event always active */
 		    sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO,
 			"SSL_write returns SSL_ERROR_WANT_READ");
+		    /* Redirect read event to finish SSL_write() */
 		    closure->write_instead_of_read = true;
                     debug_return;
                 case SSL_ERROR_WANT_WRITE: